/*
 *    Copyright (c) 2018-2025, lengleng All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 * Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * Neither the name of the pig4cloud.com developer nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 * Author: lengleng (wangiegie@gmail.com)
 */

package com.github.pig.auth.config;

import com.github.pig.auth.component.mobile.MobileSecurityConfigurer;
import com.github.pig.common.bean.config.FilterIgnorePropertiesConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;

/**
 * @author lengleng
 * @date 2018/3/10
 * @description
 * Spring security 安全机制，通过@EnableWebSecurity注解和继承WebSecurityConfigurerAdapter类实现
 */
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER - 1)
@Configuration
@EnableWebSecurity
public class PigSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
    //过滤url，即这些url可以直接访问，不需要用户先登陆，这些url配置在pig-auth-dev.yml文件中
    @Autowired
    private FilterIgnorePropertiesConfig filterIgnorePropertiesConfig;
    @Autowired
    private MobileSecurityConfigurer mobileSecurityConfigurer;

    //继承WebSecurityConfigurerAdapter这个方法，
    // 并在之类中重写configure的3个方法，
    // 其中3个方法中参数包括为HttpSecurity（HTTP请求安全处理），
    // AuthenticationManagerBuilder（身份验证管理生成器）
    // 和WebSecurity（WEB安全）。
    // 这里只重写了http请求安全处理
    @Override
    public void configure(HttpSecurity http) throws Exception {
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry =
                http.formLogin().loginPage("/authentication/require")//指定form方式的登陆路径
                        .loginProcessingUrl("/authentication/form")
                        .and()////and()是返回一个securityBuilder对象
                        .authorizeRequests();//通过authorizeRequests()方法来开始请求权限配置
        filterIgnorePropertiesConfig.getUrls().forEach(url -> registry.antMatchers(url).permitAll());//permitAll()表示用户可以任意访问
        registry.anyRequest()
                .authenticated()//.anyRequest().authenticated()是对http所有的请求必须通过授权认证才可以访问,也就是必须通过用户登陆后才能访问。
                .and()//and()是返回一个securityBuilder对象，formLogin()和httpBasic()是授权的两种方式。
                .csrf().disable();
        http.apply(mobileSecurityConfigurer);
    }
}
